[tor-bugs] #22809 [Applications/Tor Browser]: Tor Browser does not provide red security warning for downloading executable in HTTP

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jul 4 20:08:00 UTC 2017


#22809: Tor Browser does not provide red security warning for downloading
executable in HTTP
--------------------------------------+--------------------------
 Reporter:  naif                      |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  ux-team                   |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by arma):

 The best order of operations here would be for Firefox to fix its bug, and
 merge the fix, and then we can get the fix when we pull in a future
 version of Firefox.

 Another option is, if there is a good patch but Firefox won't take it or
 it will be years until we pull in the version of Firefox that includes it,
 that we could apply the patch to Tor Browser directly, and maintain it
 until things catch up with the Firefox releases.

 But I am unclear on why we should single out exe files here. In the
 mozilla bugtracker, you mention rpm and deb files too. Why not tarballs
 also? Or docx files? Where do we draw the line?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22809#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list